Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Spyware Guard 2009


  • This topic is locked This topic is locked
7 replies to this topic

#1 Wygal

Wygal

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:16 PM

Posted 08 April 2009 - 07:21 PM

I've tried running adaware and malwarebytes to remove this program and thought it was gone, but there are 4 reg values that seem to be bringing it back. These are the 4 that malwarebytes says that I have to reboot to delete, but when I reboot, not only are they still there, but the rest of the spyware guard programs/files are also back.

These are the 4 registry entries that keep coming up through malwarebytes that it can't remove:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu

Here is the log file after rebooting:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:11 PM, on 4/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\LANScope Agent\LockKM.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Program Files\Spyware Guard 2009\spywareguard.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\winscenter.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\LANScope Agent\awtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cardplayer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {96D5CE2D-6275-43C3-9C86-8A9B689EF333} - C:\WINDOWS\system32\cnetcf.dll
O2 - BHO: (no name) - {A84A7A2B-EFBB-46A4-ADAC-29B5558EE514} - C:\WINDOWS\system32\cnetcf.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [installnet.exe] "C:\Acer\LANScope Agent\Installnet.exe" "C:\Acer\LANScope Agent\
O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\LANScope Agent\awtray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe" /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2009\spywareguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: karna.dat
O21 - SSODL: ieModule - {9CD48BA2-5C6A-46E4-8386-EDF7C3FCFB65} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {5A5AE83B-7CF1-4559-A1E5-5C7BB1B41AFE} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\btlpqsxxdm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10638 bytes

BC AdBot (Login to Remove)

 


#2 Wygal

Wygal
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:16 PM

Posted 09 April 2009 - 02:25 AM

Can anyone help me with this?

#3 Wygal

Wygal
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:16 PM

Posted 09 April 2009 - 03:19 PM

???

#4 Wygal

Wygal
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:16 PM

Posted 14 April 2009 - 03:37 AM

Here is the DDS Log: (Someone please help...I really need to get rid of this crap)


DDS (Ver_09-03-16.01) - NTFSx86
Run by Wygal at 4:33:23.87 on Tue 04/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.395 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\LANScope Agent\LockKM.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Acer\LANScope Agent\awtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Guard 2009\spywareguard.exe
C:\Documents and Settings\Wygal\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cardplayer.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {96d5ce2d-6275-43c3-9c86-8a9b689ef333} - c:\windows\system32\cnetcf.dll
BHO: {a84a7a2b-efbb-46a4-adac-29b5558ee514} - c:\windows\system32\cnetcf.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
mRun: [LaunchApp] Alaunch
mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe
mRun: [eLockMonitor] c:\acer\empowering technology\elock\monitor\LaunchMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [installnet.exe] "c:\acer\lanscope agent\installnet.exe" "c:\acer\lanscope agent\
mRun: [AdminWorks Tray] "c:\acer\lanscope agent\awtray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\cfgwiz.exe" /GUID {BC8D3EAF-F864-4d4b-AB4D-

B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\2\printray.exe
mRun: [spywareguard] c:\program files\spyware guard 2009\spywareguard.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: karna.dat
SSODL: ieModule - {9CD48BA2-5C6A-46E4-8386-EDF7C3FCFB65} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\ieModule.dll
SSODL: InternetConnection - {5A5AE83B-7CF1-4559-A1E5-5C7BB1B41AFE} - c:\documents and settings\all users\application data\microsoft\internet

explorer\dlls\btlpqsxxdm.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-5-8 12424]
R0 cqcjbmkw;cqcjbmkw;c:\windows\system32\drivers\cqcjbmkw.sys [2004-8-4 23424]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-8 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-8 26184]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2007-8-27 26768]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-8 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-8 75272]
R2 AWService;AdminWorks Agent X6;c:\acer\lanscope agent\awServ.exe [2007-4-26 75032]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008

-1-11 30312]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 105632]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 105632]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [2006-6-8 17664]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [2006-6-6 90112]
R2 LockServ;LockServ;c:\acer\empowering technology\elock\lockserv.exe -p --> c:\acer\empowering technology\elock\LockServ.exe -p [?]
R2 netlimiter;netlimiter;c:\windows\system32\drivers\NetLimiter.sys [2006-10-3 18072]
R2 netlock;netlock;c:\windows\system32\drivers\NetLock.sys [2007-5-30 14616]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2007-6-12 15640]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-11-9 10944]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-2 24652]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060823.066\NAVENG.SYS [2006-8-23 79240]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060823.066\NAVEX15.SYS [2006-8-23 828872]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-7-20 1087680]
S3 Acer ODDSpeedControl;Acer ODDSpeedControl;c:\acer\empowering technology\eacoustics\oddspeedctl\speedcontrol.exe [2005-2-15 81920]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]

=============== Created Last 30 ================

2009-04-12 03:11 1,003,957 a------- c:\windows\sysexplorer.exe
2009-04-12 03:11 134,149 a------- c:\windows\reged.exe
2009-04-12 03:11 51,197 a------- c:\windows\spoolsystem.exe
2009-04-12 03:11 50,620 a------- c:\windows\sys.com
2009-04-12 03:11 47,872 a------- c:\windows\syscert.exe
2009-04-12 03:11 18,941 a------- c:\windows\vmreg.dll
2009-04-12 03:11 <DIR> --d----- c:\program files\Spyware Guard 2009

==================== Find3M ====================

2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-01-18 03:39 384,512 a------- c:\windows\system32\winscenter.exe
2009-01-17 05:13 27,141 a------- c:\docume~1\alluse~1\applic~1\svhost.exe
2008-11-06 05:35 17,726 a------- c:\program files\common files\wifo.dll
2008-11-06 05:35 16,440 a------- c:\program files\common files\igosiqikuv.exe
2008-11-06 05:35 15,697 a------- c:\docume~1\wygal\applic~1\obovyh.exe
2008-11-06 05:35 15,604 a------- c:\docume~1\alluse~1\applic~1\gevu.bat
2008-11-06 05:35 14,418 a------- c:\docume~1\wygal\applic~1\udeqe.exe
2008-11-06 05:35 13,663 a------- c:\program files\common files\ecetomy.reg
2008-11-06 05:35 10,326 a------- c:\program files\common files\tojyhinaj.db
2008-11-06 05:35 10,160 a------- c:\docume~1\wygal\applic~1\kobudu.sys

============= FINISH: 4:34:01.20 ===============

#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 17 April 2009 - 06:51 AM

Hello.. You have two antivirus, AVG and Norton.. Uninstall one of them.. Then do below..


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.




NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall




Please post these logs in your next reply... Post each log in separate post

1. SDFix
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 Wygal

Wygal
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:16 PM

Posted 18 April 2009 - 03:47 AM

SDFix: Version 1.240
Run by Wygal on Sat 04/18/2009 at 04:08 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
TDSSserv.sys

Path :
\systemroot\system32\drivers\TDSSpqlt.sys

TDSSserv.sys - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\Wygal\LOCALS~1\Temp\TMP3.tmp - Deleted
C:\WINDOWS\system32\winsrc.dll.tmp - Deleted
C:\WINDOWS\system32\drivers\TDSSpqlt.sys - Deleted
C:\WINDOWS\system32\TDSSosvd.dat - Deleted
C:\WINDOWS\SYSTEM32\TDSSOSVD.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 04:17:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 20 Jul 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Fri 20 Jul 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Fri 20 Jul 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Fri 20 Jul 2007 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Tue 18 Sep 2007 281,088 A..H. --- "C:\Documents and Settings\Wygal\My Documents\Poker Stuff\~WRL0002.tmp"
Mon 21 Jul 2008 32,855 ..SHR --- "C:\Documents and Settings\Wygal\Local Settings\Temp\Juniper Networks\setup\NeoterisSetupApp.exe"

Finished!



ComboFix 09-04-18.05 - Wygal 04/18/2009 4:24.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.607 [GMT -4:00]
Running from: c:\documents and settings\Wygal\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\btlpqsxxdm.dll
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
c:\documents and settings\All Users\Application Data\svhost.exe
c:\documents and settings\Wygal\Start Menu\Programs\Spyware Guard 2009
c:\documents and settings\Wygal\Start Menu\Programs\Spyware Guard 2009\Spyware Guard 2009.lnk
c:\program files\Spyware Guard 2009
c:\program files\Spyware Guard 2009\conf.cfg
c:\program files\Spyware Guard 2009\mbase.vdb
c:\program files\Spyware Guard 2009\quarantine.vdb
c:\program files\Spyware Guard 2009\queue.vdb
c:\program files\Spyware Guard 2009\spywareguard.exe
c:\program files\Spyware Guard 2009\uninstall.exe
c:\program files\Spyware Guard 2009\vbase.vdb
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\winscenter.exe
c:\windows\vmreg.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-18 08:04 . 2009-04-18 08:04 -------- d-----w c:\windows\ERUNT
2009-04-18 07:55 . 2009-04-18 08:21 -------- d-----w C:\SDFix
2009-04-18 07:33 . 2009-04-18 07:33 150 ----a-w c:\windows\system32\spupdsvc.inf
2009-04-18 07:28 . 2009-04-18 07:28 -------- d-----w c:\windows\LastGood

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 08:02 . 2007-07-21 02:42 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-18 08:01 . 2007-07-21 02:41 -------- d-----w c:\program files\Norton Internet Security
2009-04-18 07:44 . 2007-07-21 02:42 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-18 07:32 . 2007-07-21 06:19 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 07:38 . 2008-01-25 10:02 -------- d-----w c:\program files\PokerStars
2009-04-17 07:38 . 2008-01-25 10:04 -------- d-----w c:\program files\Full Tilt Poker
2009-04-12 07:19 . 2007-07-21 06:23 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-06 14:00 . 2004-08-04 05:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2007-02-20 09:52 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 05:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2007-03-08 13:47 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2005-07-26 04:39 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2004-10-28 01:21 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2004-08-04 05:00 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2004-08-04 05:00 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2007-02-28 09:53 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2004-08-04 05:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2004-08-04 05:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2007-02-28 09:16 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2004-08-04 05:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-01-19 08:28 . 2009-01-19 08:28 366 ----a-w C:\aaw7boot.log
2008-11-06 09:35 . 2008-11-06 09:35 17726 ----a-w c:\program files\Common Files\wifo.dll
2008-11-06 09:35 . 2008-11-06 09:35 16440 ----a-w c:\program files\Common Files\igosiqikuv.exe
2008-11-06 09:35 . 2008-11-06 09:35 15697 ----a-w c:\documents and settings\Wygal\Application Data\obovyh.exe
2008-11-06 09:35 . 2008-11-06 09:35 15604 ----a-w c:\documents and settings\All Users\Application Data\gevu.bat
2008-11-06 09:35 . 2008-11-06 09:35 14418 ----a-w c:\documents and settings\Wygal\Application Data\udeqe.exe
2008-11-06 09:35 . 2008-11-06 09:35 13663 ----a-w c:\program files\Common Files\ecetomy.reg
2008-11-06 09:35 . 2008-11-06 09:35 10326 ----a-w c:\program files\Common Files\tojyhinaj.db
2008-11-06 09:35 . 2008-11-06 09:35 10160 ----a-w c:\documents and settings\Wygal\Application Data\kobudu.sys
2008-01-11 03:25 . 2007-07-21 06:22 89968 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-01-11 03:25 . 2008-01-11 03:25 128 ----a-w c:\documents and settings\Wygal\Local Settings\Application Data\fusioncache.dat
2007-07-21 06:22 . 2008-01-11 02:25 68456 ----a-w c:\documents and settings\Wygal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96D5CE2D-6275-43C3-9C86-8A9B689EF333}]
2004-08-04 05:00 95744 ----a-w c:\windows\system32\cnetcf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A84A7A2B-EFBB-46A4-ADAC-29B5558EE514}]
2004-08-04 05:00 95744 ----a-w c:\windows\system32\cnetcf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]
"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-06-24 342528]
"AdminWorks Tray"="c:\acer\LANScope Agent\awtray.exe" [2007-05-22 1459992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-05-20 17672]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-03-27 36864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-9-12 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2008-05-09 01:09 1177368 ----a-w c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ----a-w c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-05 16:08 16380416 ----a-w c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-05-09 96520]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2007-08-27 26768]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-09 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2008-05-09 75272]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe [2006-06-29 520192]
R2 netlimiter;netlimiter;c:\windows\system32\drivers\netlimiter.sys [2006-10-03 18072]
R2 netlock;netlock;c:\windows\system32\drivers\netlock.sys [2007-05-30 14616]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2007-06-13 15640]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-11-09 10944]
R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-07-09 26488]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 Acer ODDSpeedControl;Acer ODDSpeedControl;c:\acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe [2005-02-15 81920]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2008-05-09 12424]
S0 cqcjbmkw;cqcjbmkw;c:\windows\system32\drivers\cqcjbmkw.sys [2004-08-04 23424]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3955ccb8-1d63-11dd-9fad-001c25514d37}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a29f84f0-1d64-11dd-9fae-001c25514d37}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AppLaunch.exe AUTORUN=1
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-installnet.exe - c:\acer\LANScope Agent\Installnet.exe
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2009\spywareguard.exe
SafeBoot-Wineq21.sys
MSConfigStartUp-brastk - brastk.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cardplayer.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 04:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(252)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1436)
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
.
**************************************************************************
.
Completion time: 2009-04-18 4:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 08:36

Pre-Run: 60,129,783,808 bytes free
Post-Run: 60,593,004,544 bytes free

199 --- E O F --- 2009-04-18 07:40

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:53 AM, on 4/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\LANScope Agent\awtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Acer\LANScope Agent\LockKM.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cardplayer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {96D5CE2D-6275-43C3-9C86-8A9B689EF333} - C:\WINDOWS\system32\cnetcf.dll
O2 - BHO: (no name) - {A84A7A2B-EFBB-46A4-ADAC-29B5558EE514} - C:\WINDOWS\system32\cnetcf.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\LANScope Agent\awtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8658 bytes

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 18 April 2009 - 03:59 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://www.bleepingcomputer.com/forums/index.php?showtopic=217907&view=findpost&p=1228185

KillAll::

Driver::
cqcjbmkw

Collect::
c:\program files\Common Files\wifo.dll
c:\program files\Common Files\igosiqikuv.exe
c:\documents and settings\Wygal\Application Data\obovyh.exe
c:\documents and settings\All Users\Application Data\gevu.bat
c:\documents and settings\Wygal\Application Data\udeqe.exe
c:\program files\Common Files\ecetomy.reg
c:\program files\Common Files\tojyhinaj.db
c:\documents and settings\Wygal\Application Data\kobudu.sys
c:\windows\system32\cnetcf.dll
c:\windows\system32\drivers\cqcjbmkw.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96D5CE2D-6275-43C3-9C86-8A9B689EF333}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A84A7A2B-EFBB-46A4-ADAC-29B5558EE514}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a29f84f0-1d64-11dd-9fae-001c25514d37}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


**Note**

When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • Simply follow the instructions to copy/paste/send the requested file.
Note::
If Combofix fails to upload the file, please find C:\Qoobox\Quarantined Files\Submit(Time and date here[/color=red]).zip[/color] and upload it at this site

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 23 April 2009 - 07:55 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users